So the otp app has to account for this or is a workaround possible in freeradius? Best regards -----Ursprüngliche Nachricht----- Von: Freeradius-Users [mailto:freeradius-users-bounces+bernhard.knoll=check24.de@lists.freeradius.org] Im Auftrag von Alan DeKok Gesendet: Donnerstag, 12. Juli 2018 17:03 An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: Backslash in AD Password On Jul 12, 2018, at 10:58 AM, Bernhard Knoll <Bernhard.Knoll@check24.de> wrote:
is it possible to see what password a module is forwarding to an application?
The debug output you posted to the list shows this.
I have the problem that I run freeradius with an external OTP Software (LinOTP) via a rlm_perl module.
When I try to authenticate from a Cisco ASA with Anyconnect the authentication fails if there is a backslash in the username. If I try to authenticate directly agauinst the OTP Software it works with the backslash. In the radius -X log is see the password with escaped backslash:
Yes... that's how it works. Special characters are escaped. With backslashes.
Is there a way to see if freeradius sends the password with 2 backslashes?
The debug output? Or, you can edit the Perl function to print out each individual character in the password. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html